RANSOMWARE IN ANZ

Noushin Shabab Senior Security Researcher at Global Research and Analysis Team ANZ

1 We believe that everyone – from home computer users through to large corporations and governments – should be able to protect what matters to them most. Whether it’s privacy, family, finances, customers, business success or critical infrastructure, we’ve made it our mission to secure it all.

Eugene Kaspersky, chairman and CEO, Kaspersky Lab

2 EXPERTISE

of our employees new malicious files world-leading are R&D detected by Kaspersky Lab security experts – 1/3 specialists 325,000 every day 40 our elite group

Our Global Research and Analysis Team of security experts constantly explore and fight the most advanced cyberthreats.

3 OUR ROLE IN THE GLOBAL IT SECURITY COMMUNITY

We participate in joint operations and cyberthreat investigations with the Global IT security community, international organisations such as INTERPOL and Europol, law enforcement agencies and CERTs worldwide

We hold regular training We provide expert We host the annual courses for INTERPOL speakers at conferences Kaspersky Lab Security and Europol officers and around the globe, e.g. Analyst Summit which the police forces of many World Economic Forum in brings together the world’s countries, e.g. City of Davos best IT security experts London Police

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

4 AGENDA

• What is ransomware? • History • Classifications of ransomware • Propagation and Acceleration • Ransomware in ANZ • How to prevent ransomware? • No more ransom!

5 WHAT IS RANSOMWARE?

6 WHAT IS RANSOMWARE?

Ransomware is a type of malware that attempts to extort money from a user by infecting and taking control of the victim's machine or the files or documents stored on it.

Typically, ransomware will either lock the computer to prevent normal usage or encrypt the documents and files on it to prevent access to saved data

7 HISTORY OF RANSOMWARE.

8 FIRST RANSOMWARE

9 NOW Multiple variants on multiple platforms causing major damage

2013 A MacOS X-specific Ransomware

2013 Start spreading via Exploit Kit

2011 Ransomware imitating Windows Product Activation

2006 Gpcode

Academic paper: 1996 “Cryptovirology: Extortion-based Security Threats and Countermeasures”

1989 AIDS Trojan (also known as "PC Cyborg")

10 TYPES OF RANSOMWARE

 Screen Locker

 Mobile device Ransomware(Android)  Ransomware encrypting web servers

 Encryption Ransomware

11 PROPERGATION AND ACCELERATION

12 PROPERGATION METHODS

• Infected websites • Malvertising • Emails • Instant Message • Social Networks

13 EMAIL WITH MS OFFICE DOCUMENT ATTACHMENT

14 TRICKS TO MAKE USERS ENABLE DOCUMENT MACROS

15 EMAIL WITH ARCHIVED EXECUTABLE

16 EXAMPLES IN AUSTRALIA AND NEW ZEALAND

17 SCAM EMAIL HEADLINES IN AUSTRALIA

18 SCAM EMAILS ON THE FEDERAL COURT

19 SCAM EMAILS ON THE ANZ POST

20 INFECTION VECTOR

Scam emails Compromised websites Attackers websites

Malicious Resources Links Injected into website Malicious Files

21 STATISTICS ON RANSOMWARE

22 RANSOMWARE IN Q3

• The overall number of cryptor modifications in our malware collection to-date is at least 26,000. 21 new cryptor families and 32.091 new modifications were detected in Q3 2016.

• In Q3 2016, 821,865 unique users were attacked by cryptors – 2.6 times more than in the previous quarter.

Number of new cryptor samples in our collection Number of users attacked by ransomware

23 TOP 10 CRYPTORS Q3

24 MAP OF AUSTRALIA AND NEW ZEALAND

25 HOW TO PREVENT RANSOMWARE?

• Always Make Backups • Keep all software updated • Improve User Awareness • Use Reliable Antivirus solution • DON’T PAY THE RANSOM!

26 NO MORE RANSOM

27 NO MORE RANSOM

28 NO MORE RANSOM MOVEMENT

29 HOW CAN WE HELP?

30 KASPERSKY’S CYBER SECURITY TRAINING

• Work through typical scenarios and situations • Gain greater knowledge and understanding of potential threats and how to deal with them • Skills Assessment • Measurable education plan

31 KASPERSKY’S SYSTEM WATCHER • If suspicious application attempts to open users personal files, it makes a local protected back up copy • If is found to be crypto-malware, automatically rolls back unsolicited changes to system files.

KASPERSKY’S ANTI CRYPTOR FOR FILE SERVER • Detects encryption algorithm from endpoint to file server • Severs connection so no further encryption can occur 32 REMEMBER, DON’T PAY THE RANSOM!

33 LET’S TALK?

Kaspersky Lab HQ 39A/3 Leningradskoe Shosse Moscow, 125212, Russian Federation Tel: +7 (495) 797-8700 www.kaspersky.com

34